diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php index a67597fcaea..6788196e743 100644 --- a/htdocs/core/customreports.php +++ b/htdocs/core/customreports.php @@ -33,7 +33,7 @@ if (!defined('USE_CUSTOM_REPORT_AS_INCLUDE')) { $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) $mode = GETPOST('mode', 'alpha') ? GETPOST('mode', 'alpha') : 'graph'; - $objecttype = GETPOST('objecttype', 'aZ09'); + $objecttype = GETPOST('objecttype', 'aZ09arobase'); $tabfamily = GETPOST('tabfamily', 'aZ09'); if (empty($objecttype)) { @@ -137,10 +137,15 @@ if ($objecttype) { } else { dol_include_once("/".$objecttype."/class/".$objecttype.".class.php"); } + $ObjectClassName = $arrayoftype[$objecttype]['ObjectClassName']; - $object = new $ObjectClassName($db); + if (class_exists($ObjectClassName)) { + $object = new $ObjectClassName($db); + } else { + print 'Failed to load class for type '.$objecttype.'. Class file found but class object '.$ObjectClassName.' not found.'; + } } catch (Exception $e) { - print 'Failed to load class for type '.$objecttype; + print 'Failed to load class for type '.$objecttype.'. Class path not found.'; } } @@ -148,7 +153,7 @@ if ($objecttype) { $socid = 0; if ($user->socid > 0) { // Protection if external user //$socid = $user->socid; - accessforbidden(); + accessforbidden('Access forbidden to external users'); } // Fetch optionals attributes and labels @@ -186,7 +191,7 @@ if (!empty($object->element_for_permission)) { $features = $object->element_for_permission; } -restrictedArea($user, $features, 0, ''); +restrictedArea($user, $features.(empty($object->module) ? '' : '@'.$object->module), 0, ''); $error = 0; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index fb03c070213..1a7e95c6337 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
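Review bot: The wider `aZ09arobase` filter on `objecttype` (first hunk) means a `myobject@mymodule` value now reaches `dol_include_once("/".$objecttype."/class/".$objecttype.".class.php")`, visible as context in the next hunk, where the request value is used unchanged as directory and file name. Whether the branch above that `else` (outside the hunk) strips the module part is not visible, so this fallback may build a path containing `@` that never resolves. Because the parameter selects which class file is included, I would check it against the registered types before any include, for example `if (!isset($arrayoftype[$objecttype])) { accessforbidden('Unknown object type'); }`.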
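Review bot: Both failure paths in the second hunk (the new `else` and the `catch`) only print a message, so the script carries on with `$object` undefined; the last hunk of this file then reads `$object->element_for_permission` and `$object->module` to build the `restrictedArea()` argument. In that state `empty($object->module)` is true and the permission check runs on whatever `$features` was set to earlier (not visible here) rather than on the requested type. I would fail closed instead, e.g. replace the print with `accessforbidden('Failed to load class for type '.$objecttype);`. `$arrayoftype[$objecttype]['ObjectClassName']` is also read without checking that the key exists, which hands null to `class_exists()` for an unregistered type. The `try` block opens outside the hunk.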
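Review bot: If `$object->element_for_permission` (copied into `$features` just above the changed line) can itself hold a `name@module` value, the unconditional suffix in the `restrictedArea()` call of the last hunk yields `name@module@module`; how `restrictedArea()` parses that is not visible from this hunk. Appending only when no module part is present avoids the question: `$features .= (empty($object->module) || strpos($features, '@') !== false) ? '' : '@'.$object->module;` followed by `restrictedArea($user, $features, 0, '');`. A one-line comment saying why the module suffix is needed for the permission lookup would also help the next reader.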
@@ -625,7 +625,7 @@ function GETPOSTISARRAY($paramname, $method = 0)
 * 'alphanohtml'=check there is no html content and no " and no ../
 * 'aZ'=check it's a-z only
 * 'aZ09'=check it's simple alpha string (recommended for keys)
- * 'aZ09arobase'=check it's a string for an element type
+ * 'aZ09arobase'=check it's a string for an element type ('myobject@mymodule')
 * 'aZ09comma'=check it's a string for a sortfield or sortorder
 * 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string)
 * 'nohtml'=check there is no html content